IBM Support

IT45438: An MQ JMS Client using TLSv1.3 GCM Cipher receives an RC=2009 and the Queue Manager generates an FDC with ProbeID CO373099.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Multi-threaded JMS client applications might instigate an
encryption key reset for every thread that shares a connection
to MQ, but the queue manager did not expect this.

Local fix

  • 



Problem summary


    

  • ****************************************************************
USERS AFFECTED:
Multi-threaded JMS client applications using connection pooling
with TLSv1.3 ciphers that require a TLS encryption key reset
during data transmission to ensure secure data transfer.


Platforms affected:
MultiPlatform

****************************************************************
PROBLEM DESCRIPTION:
TLSv1.3 ciphers require two encryption keys (one for each data
flow path) and require the keys to be reset after a certain
quantity of data is transferred to ensure continued secure data
flow. A key reset requires the data flow to pause whilst the two
sides of the connection exchange new keys for encrypting the
data. The queue manager tracks how many key resets have been
observed on each connection

Multi-threaded JMS client applications instigate an encryption
key reset for every thread that shares a connection, so, if
there are many connection sharing threads, many resets may occur
simultaneously. In this situation the accounting logic for key
resets did not anticipate this volume of key resets, which
resulted in the connection being closed.

    



Problem conclusion


    

  • The key rest accounting code has been updated to correctly
handle multiple key resets from JMS clients.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version    Maintenance Level
v9.2 LTS   9.2.0.30
v9.3 LTS   9.3.0.20
v9.4 LTS   9.4.0.5
v9.x CD    9.4.1

The latest available maintenance can be obtained from
'IBM MQ Recommended Fixes'
https://www.ibm.com/support/pages/recommended-fixes-ibm-mq

If the maintenance level is not yet available information on
its planned availability can be found in 'IBM MQ
Planned Maintenance Release Dates'
https://ibm.biz/mqplannedmaintenance

---------------------------------------------------------------

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT45438
    • 

  • Reported component name
    MQ BASE V9.3
    • 

  • Reported component ID
    5724H7291
    • 

  • Reported release
    933
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2024-02-08
    • 

  • Closed date
    2024-06-26
    • 

  • Last modified date
    2024-06-26
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    MQ BASE V9.3
    • 

  • Fixed component ID
    5724H7291
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"933","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            26 June 2024
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback